Tier 2b — Access Control

Last updated 12:33 AM on 5/22/26

66 Terms

1

Plaintext

Information in normal, readable form

2

Ciphertext

Encrypted, unreadable form

3

Encryption algorithm

The mathematical formula used to encrypt or decrypt

4

Encryption key

The password (input to the algorithm) used to encrypt/decrypt

5

Symmetric encryption

SAME key encrypts and decrypts — FAST, key management is hard

6

Asymmetric encryption

Public/private key pair — slower, scales better with many users

7

Symmetric vs asymmetric

Symmetric is FAST; asymmetric SCALES better with many users

8

AES

Advanced Encryption Standard — example of SYMMETRIC encryption

9

RSA

Rivest-Shamir-Adleman — example of ASYMMETRIC encryption

10

TLS

Transport Layer Security — modern encryption for data in transit (successor to SSL)

11

HTTPS

HTTP with TLS encryption (port 443) — secures data in transit

12

Data at rest

Stored data — protect with full-disk encryption, file encryption

13

Data in transit

Data moving over a network — protect with TLS, HTTPS, VPN

14

Data in use

Data in active memory/being processed — hardest to protect

15

Hash function

One-way function — variable-length input to fixed-length output

16

Message digest

The fixed-length output produced by a hash function

17

Hash characteristic - one-way

Cannot be reversed

18

Hash characteristic - fixed length

Output is fixed-length regardless of input size

19

Hash characteristic - collision resistance

No two inputs should produce the same output

20

MD5

128-bit hash — NO LONGER secure

21

SHA-1

160-bit hash — NO LONGER secure

22

SHA-2

Hash family producing 224/256/384/512-bit outputs — currently secure

23

SHA-3

Newer hash (2015), user-selected length — very secure

24

RIPEMD

Non-government hash alternative — 160-bit version used in Bitcoin

25

Data lifecycle stage 1 - Create

New data is created or existing data modified

26

Data lifecycle stage 2 - Store

Data is placed in a storage repository

27

Data lifecycle stage 3 - Use

Data is read or processed

28

Data lifecycle stage 4 - Share

Data is shared with vendors, partners, or authorized parties

29

Data lifecycle stage 5 - Archive

Data no longer actively used is moved to long-term storage

30

Data lifecycle stage 6 - Destroy

Data is disposed of using a secure method

31

Top Secret

Highest government/military classification

32

Secret

Second-highest government/military classification

33

Confidential

Third-tier government/military classification

34

Unclassified

Lowest government/military classification

35

Highly Sensitive

Highest business classification

36

Sensitive

Second-highest business classification

37

Internal

Third-tier business classification

38

Public

Lowest business classification

39

Clearing

Data destruction — overwrites data to frustrate casual recovery (lowest severity)

40

Purging

Data destruction — advanced techniques to frustrate laboratory analysis (medium)

41

Destroying

Data destruction — complete obliteration (shredding, melting, burning)

42

Degaussing

Strong magnetic field destroys magnetic media (doesn't work on SSDs)

43

Remanence

Residual data left on storage after deletion — why wiping is needed

44

Cross-cut shredding

Required method for sensitive paper destruction

45

Ingress monitoring

Watching data coming INTO the network

46

Egress monitoring

Watching data going OUT — detects exfiltration

47

Accountability

Identity attribution — identifies who caused an event

48

Traceability

Uncovers the chain of related events

49

Auditability

Clear documentation of events that can be reviewed

50

Event

Any observable occurrence in a system or network

51

Incident

An event that violates security policy or threatens CIA

52

Breach

Confirmed incident where unauthorized party actually accessed data

53

Zero day

A vulnerability unknown to defenders — no patch exists yet

54

APT

Advanced Persistent Threat — sophisticated, long-running attacker (often nation-state)

55

Exploit

A specific technique used to take advantage of a vulnerability

56

Intrusion

Unauthorized access to a system

57

RFC

Request for Change — formal proposal for a change to be reviewed

58

Rollback

Reverting to a previous known-good state if a change fails

59

Patch management

Process for testing, approving, deploying software patches

60

Hardening

Reducing attack surface by disabling unneeded services

61

CDN

Content Delivery Network — geographically distributed servers for fast content

62

MTTR

Mean Time To Repair — average time to fix a failed component

63

MTBF

Mean Time Between Failures — expected time between system failures

64

Wet pipe fire suppression

Pipes full of water — risk of leak damaging electronics

65

Dry pipe fire suppression

Pipes empty until alarm — slight delay, no incidental water damage

66

Chemical fire suppression

Deprives fires of oxygen — dangerous to people in the room